Saturday, February 23, 2013

Web browsers are the gateways to the Internet. Once exploited, they become the primary vectors for breaking into computer systems and infecting them with malicious programs. One of the most popular means of breaching security barriers and compromising sensitive data over the Internet is via phishing attacks. Malicious URLs linking to phishing sites has been on the rise over the years. For instance more than 50,000 phishing sites were discovered per month in the last year alone. Another major threat is malware, including viruses, worms, Trojans etc that makes your system a prey of a remote predator. As the gateways to the Internet the browsers are bound to protect your systems from these types of online threats. Therefore they implement numerous security work-outs behind the curtains without relying on security barriers of the OS and antivirus software. Following is a comprehensive discussion about the security features on major web browsers seen today.

Internet Explorer 10 Security:

Over the past couple of years Internet Explorer continued to tarnish its reputation over numerous bugs and vulnerabilities amidst a fierce competition lead by Google Chrome and Mozilla Firebox. However with the new IE 10 launched exclusively for Windows 8 (It supports Windows 7 as well) the software giant strives hard to regain the top notch spot it once enjoyed. Microsoft has introduced several security upgrades to the IE9 in creating the browser destined to serve Windows 8. Enhanced Protected Mode for example restricts browser’s access rights to the other applications to provide an additional layer of protection.

Address Space Layout Randomization (ASLR) introduced with Windows Vista has been tweaked and renamed ForceASLR, and addresses memory related vulnerabilities often exploited by socially engineered malware. Windows 8 kernel includes ForceASLR protection out of the box, and Windows 7 users can enable the feature via an update. InPrivate Browsing enables the users to browse in private, as the browser does not store browsing history, cookies, temporary internet files, user names and passwords etc during a browsing session. Recently NSS Labs on their review on browser security published that Internet Explorer 10 has a malware blocking rate of 99.1% and Phishing URL blocking rate of 92%.

Google Chrome Security:

Behind the curtains web browsers implement numerous strategies for keeping away malicious code snippets breaking into your system and compromising your data. The Sandbox feature is one such precautionary methodology found in Chrome. This lets a particular application run in an isolated environment without impacting other processes. Based on multi-processor architecture adapted by Chrome, processes such as HTML rendering and handling JavaScript are done in secure, isolated environments protecting your System. However this doesn’t mean Chrome is invincible. Last year a group of French hackers of VUPEN managed to crack this sandbox feature successfully.

According to a research conducted by NSS Labs reviewing security features of popular web browsers, Chrome had a malware blocking rate of 70.4% backed by Google’s Malicious Download Protection although this lagged behind the 99.1% of Internet Explorer 10. Chrome has also excelled above the rivals in blocking phishing URLs. Just In Time Hardening (JIT) and Plug-In Security too add plus ones to the chromium camp as these features prevent malicious code snippets taking control over your system behind your back.

Mozilla Firefox Security:

Firefox too is blessed with numerous security features to keep the users safe from exploits and attacks. Site Identity Button provides an overview of the reputation of the website, owners of the website, whether it’s a verified site etc. enabling you to stay away from suspicious sites that could potentially harm your PC. Private Browsing makes browser forget the web history, user names, passwords, cookies etc while Do-not-track feature enables users to inform web sites not to track their behaviors on the sites. However it should be noted that you are only requesting from the websites not to keep tabs on you, adhering to that is entirely up to the website. Firefox is able to mitigate cross site scripting(XCC) attacks using the content secure policy it has adapted to communicate with the website to filter legitimate content.

Firefox enjoys automatic updates, therefore users always get to enjoy the latest and most stable version of the software without having to manually update. Blocking of phishing attacks, detecting outdated plug-ins and blocking malware integrating with the anti-virus software installed on your PC are some of the key security features of the browser. However blocking rate of malware attacks by the browser itself is very poor, recording around 4.2% compared to the 99.1% of Internet Explorer 10 and 70.4% of chrome. That being said you are at the mercy of your anti-virus software when malware downloaded into the computer is concerned.

Opera Security:

Considering the leading rivals Opera is a tiny competitor in the browser arena, with a market share of around 4% or less. However that doesn’t necessarily mean it doesn’t have what it takes to go head to head with the bigger players like Chrome and Internet Explorer. Security-wise Opera too offers a decent set of features to protect its users against attacks. Blocking of malware and phishing URLs is one of the foremost tasks of any browser today, and Opera too protects the users from malicious web pages by automatically scanning the web pages against its huge database of known malware and phishing sites. Opera also allows users to enable do-not-track options and control the right to access geographical location details. Another novel feature is the option to control access rights to the web camera when surfing on social media web sites. Private browsing mode or private tabs feature erases web history, cookies, temporary internet files etc during a private session. Opera scores few points offering 256 bit encryption and extended validation certificates for a safer browsing experience. However 3rd party plug-ins and JavaScript still can pose security threats to the browser.

Conclusion:

Like there isn't anything called a perfect security system there isn’t anything called a perfect browser, and there never will be. Each of the browser discussed above have their own set of pros and cons, and beats the rivals in some aspects. Internet Explorer 10 is a huge transition from the not so pleasant history of its predecessors, and offers rich set of features to maximize your security online. Its malware detection system is able to detect and block 99.1% of the known malware as revealed by NSS Labs. No other browser comes even closer to that margin, with chrome following from a distant scoring 70.4%. However when blocking phishing URLs is concerned, chrome excels ahead of the rivals. Firefox too offers decent set of security features along with its automatic updates in order to keep the users safe. Whatever the browser you’d be using, understanding that security flaws do exist with any kind of system and sticking to the latest versions of the applications and installing security updates and patches recommended by the manufacturer are important for a secure online experience.

Author Bio:

Maria Tomic is a media software testing expert from IQmango free software provider. Maria is primarily focusing on DVD tools and looking for the best free DVD burning software for Windows 8 computer.

The latest update for firefox has done nothing but slow my computer WAY down and really screw it up! I had to uninstall it, and am now looking around for a better browser, which is how I got to this article. I wonder if anyone else is having the same issues I have been having?